Technical field 

The present invention pertains to a system for control and supervision of residential 
control in a broadband network. 

Prior art 

An Internet Service Provider (ISP) is responsible for all existing IP addresses which 
are assigned to a customer in, for example, a broadband network by the IANA. All IP 
addresses leased to residential customers are dynamically and randomly assigned via DHCP. 

Each computer is uniquely identified by a MAC address. Based on the MAC address 
the client is assigned an IP address. However, the MAC address is easy to change and cannot 
be used as a secure identifier for each computer. 

In an Ethernet® network all hosts connected to it share the same range of addresses. 
In a broadband over Ethernet® network it must be ensured that each customer can only be 
assigned as many addresses per access class as they have bought or subscribe for. Each access 
class carries a specific type of network equipment: computers, IP telephones, set-top boxes, 
etc. 

Before any user can use services in a network according to the present invention they 
have to identify themselves to the network. There can be a plurality of users per each 
customer in the network, family members, employees, etc. Hence, there is a need for a 
controlled method of identifying each user before they can use any other provided services. 

Clients or customers shall not be able to set static IP addresses on their own clients, 
because they should not be able to send traffic from an address which has not been assigned to 
them. 

Other problems, related to those above, have to be solved in order to provide a 
feasible broadband network. These problems are mainly related to port control, forced 
redirections, traffic mediation, port snooping, IP to port logging, and intelligent real time 
analysing. 

Summary of the described invention 

One aim of the present invention is to solve problems related to control and 
supervision of residential control in a broadband network. 

In order to solve these problems the present invention sets forth a system for control 
and supervision of residential control in a broadband network. It comprises at least one of the 
following features provided by hardware and software broadband network dedicated means: 
port control by feeding a protocol server for auto-configuration of client network 
parameters with information from a VMPS client providing that each network customer 
address can be connected to a unique name of a port for one customer inside the network; 

class of service assurance for specific types of customer equipment denying attempts 
to lease additional customer addresses through said protocol server which keeps a record of 
all assigned addresses to said policy server; 

forced redirection for network login procedure by redirecting a customers browser to 
a predetermined login procedure when a network connected computer/equipment is turned on, 
thus providing a controlled way of identifying each customer before using other available 
services; 

abuse and anti-spoof protection by adjusting border gateway control routing tables 
in real time in respect of said protocol for auto-configuration. 

In one embodiment it announces helper addresses as dynamic routes providing 
instant fail-over if a daemon fails by withdrawing routes from a network service provider's 
border gateway control table, whereby a lower prioritized daemon immediately takes control. 
Another embodiment comprises that it adjusts border gateway protocol routes to 
customer devices in real time according to a protocol for auto-configuration of client network 
parameters, thus enhancing load balancing in network fiber rings, and which provides that it is 
impossible for a customer to use an address without leasing it from said protocol server. 

A further embodiment of the present invention comprises a real time traffic 
analyzing, detecting unauthorized servers run by a customer and software which provides a 
network address. 

A still further embodiment comprises that said port control controls activation and 
deactivation of residential access ports. 

Another embodiment comprises that said port control provides the assigning of a 
static network address to a specific port and MAC address. 

Yet another embodiment comprises that said forced redirection provides forced 
network portal logins. 

One embodiment of the present invention comprises that it provides traffic mediation 
which enables the system to aggregate Cisco® NetFlow 24 information based on a residential 
port. 

A further embodiment comprises that it provides port snooping, looking at ports so to 
say, through display of port information or port link states. 
Yet a further embodiment provides network addresses to residential port logging, 
which enables to find out who a specific network address was leased to at a given time, which 
provides abuse administration in a broadband network. 

Brief description of the drawing 
Henceforth reference is had to the attached drawing and the accompanying text 
for a better understanding of the present invention and its examples and embodiments, 
wherein the single: 

Fig. illustrates a system for control and supervision of residential control in a 
broadband network in accordance with the present invention. 

Abbreviations and acronyms 

The following abbreviations and acronyms are used in the present description: 
BGP - Border Gateway Protocol. 
DHCP - Dynamic Host Configuration Protocol. 
FQPN - Fully Qualified Port Name. 
ISP - Internet Service Provider. 
M2 - working name of a project platform which provides new solutions for controlling and 
supervising access in a broadband network over Ethernet. 
MAC Address - Media Access Control Address. 
VMPS - VLAN Membership Policy Server. 
VQP - VLAN Query Protocol. 

Detailed description of preferred embodiments 
The present invention sets forth a system, provided for control and supervision of residential 
control in a broadband network 10, schematically illustrated in the single Fig. M2 is a 
platform which incorporates standard network broadband means and protocols, and provides a 
base for new solutions for tracing, controlling and supervising access in a broadband network 
over Ethernet. 

BGP was originally designed for carrying routing information between different ISP 
and has lately been used for carrying internal routes inside an ISP. 

A DHCP is a protocol for auto-configuration of client network parameters. 

FQPN is a unique name of a port inside a broadband network. Each FQPN is tied to 
only one customer. 

M2 is a working name of a project platform for a broadband network, whose subject 
is to develop and add new solutions for tracing, controlling and supervising access in a 
broadband over Ethernet network or like networks. The present invention provides such a 
new solution. 

A MAC address is unique for every network controller ever manufactured. Each 
manufacturer is assigned a span of addresses which they may use as it pleases them. 

VQP is a protocol spoken between VMPS clients and VMPS servers 28. The 
protocol sends information about newly detected MAC addresses, on which port the MAC 
address was detected, number of existing MAC addresses on the port, etc. It expects a 
response from the server if the client has access to the network and if so, information about 
which VLAN the port should be assigned to. 

By feeding a DHCP server 30 with information from a VMPS server 28, each IP 
address can be tied to a FQPN in real-time and logged to a central server. The DHCP server 
30 knows exactly how many addresses have been assigned to each FQPN. Therefore it is 
able to deny any further attempts to lease additional addresses. 
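The port-bound lease control described above (VMPS port information fed into DHCP, per-access-class address quotas, and IP-to-residential-port logging for abuse administration), as an added example that is not code from the patent or the M2 platform. Access classes, their limits, port names, MAC addresses and times are constructed sample values, and the equipment type is assumed to be declared by the client in its request.

```python
# Added example (not the patent's own code): a DHCP allocator that binds each lease to the
# FQPN reported by VMPS, enforces per-access-class quotas, and keeps an IP-to-port log.
# Access classes, limits, FQPNs, MACs and times (epoch seconds) are constructed sample values.
ACCESS_CLASS_LIMITS = {
    "basic": {"computer": 1, "ip-phone": 1},
    "plus": {"computer": 3, "ip-phone": 2, "set-top": 1},
}

class PortAwareDhcp:
    def __init__(self, port_classes, pool):
        self.port_classes = port_classes  # FQPN -> access class (port control data)
        self.pool = list(pool)            # free addresses
        self.active = {}                  # ip -> lease dict
        self.history = []                 # every lease ever granted (IP-to-port log)
        self.mac_to_fqpn = {}             # filled from VQP notifications

    def vmps_seen(self, mac, fqpn):
        """VMPS reports that a MAC address was detected on the port named fqpn."""
        self.mac_to_fqpn[mac] = fqpn

    def in_use(self, fqpn, kind):
        return sum(1 for l in self.active.values() if l["fqpn"] == fqpn and l["kind"] == kind)

    def request(self, mac, kind, now, ttl=3600):
        """Grant an address only if the port is known and its class quota is not exhausted."""
        fqpn = self.mac_to_fqpn.get(mac)
        if fqpn is None or fqpn not in self.port_classes:
            return None  # MAC never seen on an activated port: deny
        limit = ACCESS_CLASS_LIMITS[self.port_classes[fqpn]].get(kind, 0)
        if self.in_use(fqpn, kind) >= limit or not self.pool:
            return None  # quota for this equipment type on this port is exhausted
        ip = self.pool.pop(0)
        lease = {"ip": ip, "mac": mac, "fqpn": fqpn, "kind": kind, "start": now, "end": now + ttl}
        self.active[ip] = lease
        self.history.append(lease)
        return ip

    def release(self, ip, now):
        lease = self.active.pop(ip, None)  # lease ended (release or expiry)
        if lease:
            lease["end"] = now             # close the log entry, return the address
            self.pool.append(ip)

    def who_had(self, ip, when):
        """Abuse administration: which residential port held this IP at the given time?"""
        for lease in self.history:
            if lease["ip"] == ip and lease["start"] <= when < lease["end"]:
                return lease["fqpn"]
        return None
```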

Through redirecting the user's web browser to a login procedure when a computer 14, or 
other equipment including sufficient electronic intelligence, connected to the broadband 
network 10 is turned on, it forces users to identify themselves to the network before any other 
web-site can be reached. 

By adjusting BGP routing tables in the network 10 in real-time with respect to 
DHCP it is assured by the present invention that there is no feasible route to an address which 
has not been leased from the network 10. 
Illustrated schematically in the attached Fig. is a broadband network 10, and 
specifically set out are the parts that provide the present invention together with an example of 
a routing path for transmission of information in the broadband network 10 according to the 
present invention. Also connected to the path is the rest of a broadband network schematically 
illustrated as an area 12. This area 12 can comprise connections to other networks such as for 
example Internet, PSTN, GSM, or the like. 

A middle-ware platform is chosen, here a TIB Rendezvous bus platform 11. By 
fully utilizing features in the TIB Rendezvous 11 software, M2 is a 100% distributed and 
scalable platform. 

The network 10 illustrated further comprises three main layers, a core (CORE), 
a distribution layer (DIST), and an access layer (ACCESS) as indicated with a broken line in 
the Fig. Said core utilizes fast machines for transmitting IP traffic in the network such as 
routers 16 for choosing paths in big WAN/IP networks. 
Layer DIST makes up the distribution part of the network 10, thus aggregating 
access equipment, illustrated as utilizing combined switches and routers 18 whereby the 
switch is used for simpler path choosing in a LAN. 

Layer ACCESS makes up the access part of the broadband network, i.e., where 
customers are connected with their equipment 14, herein illustrated as utilizing switches 20. 

The attached Fig. illustrates a system for control and supervision of residential 
control in a broadband network. It comprises further at least one, preferably all, of the 
following features provided by hardware and software broadband network dedicated means 
M2, 22, 24, 26, 28, and 30, see the attached Fig.: 

port control by feeding a protocol server DHCP 30 for auto-configuration of client 
network parameters with information from a membership policy server VMPS 28 providing 
that each network customer address can be connected to a unique name of a port for one 
customer inside the network 10; 

class of service assurance for specific types of customer equipment denying attempts 
to lease additional customer addresses through said protocol server DHCP 30 which keeps a 
record of all assigned addresses to said policy server VMPS 28; 

forced redirection for network login procedure by redirecting a customer's browser to a 
predetermined login procedure when a network connected computer 14 is turned on, thus 
providing a controlled way of identifying each customer before using other services; 

abuse and anti-spoof protection by adjusting border gateway BGP control routing 
tables in real time in respect of said protocol for auto-configuration; and 
thereby providing services differentiation for customers. 

With the system of the present invention advantages over prior art are elucidated and 
introduced below. 

Regarding port control it introduces activation and deactivation of residential access 
ports. It further makes it possible to assign each port to an access class. Each class has a set of 
attributes such as maximum IP addresses, maximum IP telephones etc., which is a unique 
feature over prior art broadband networks. It also makes it possible to assign a static IP address 
to a specific port and MAC address. 

Forced redirections are comprised in the present invention which makes it possible to 
redirect broadband traffic based on a set of predetermined conditions for such. Further, it 
introduces the possibility of forced portal logins for users. 

The feature of traffic mediation is provided by the present invention which makes it 
possible to aggregate Cisco® NetFlow information based on a residential port connected to 
the broadband network. To mediate on IP addresses alone is not useful since each customer is 
assigned a randomized IP address at every boot up. Therefore the system of the present 
invention is able to introduce the unique feature of a residential port for traffic mediation. 

The feature port snooping makes it possible for the broadband network comprising 
the present invention to display port information on demand which makes troubleshooting 
much easier regarding customer services. It provides information about port link states, 
DHCP leases, packet flows etc. 

Another feature provided by the system of the present invention is IP to residential 
port logging which makes it possible for the network depicted in the Fig. to find out who a 
specific IP was leased to at a given time. This feature is necessary for administrating abuse in 
a broadband network. 

Features belonging to the iBGP route injection 22, see Fig., are all unique to the 
broadband network of the present invention. The network announces all its helper addresses 
for DHCP 30, WCCP (Web Cache Control Protocol, a Cisco® proprietary) 26 etc. as dynamic 
routes. This provides instant fail-over if a daemon fails, thus withdrawing routes from a BGP 
table and a lower prioritized daemon immediately takes over. As an additional unique feature 
in the present invention it adjusts iBGP routes to customer devices in real time according to 
DHCP 30 leases. 

A daemon is a background process which acts as a server and dynamically accepts 
commands from other processes usually in the background. 

From the iBGP route injection 22 feature according to the present invention follows 
that it is impossible for a customer to make use of an address without leasing it from the 
DHCP server. It also provides perfect load balancing features in city fiber rings. 
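The iBGP route injection behaviour described above, both the lease-driven /32 routes for customer devices and the helper-address fail-over between daemons, as an added example that is not code from the patent or the M2 platform. The RIB is a toy in-memory table, and the originator names, helper address, access router names and local-preference values are constructed sample values.

```python
# Added example (not the patent's own code): a toy iBGP table into which DHCP lease
# state and daemon health are injected. Names and preference values are constructed.
class BgpTable:
    def __init__(self):
        self.paths = {}  # prefix -> {originator: local_pref}

    def announce(self, prefix, origin, local_pref):
        self.paths.setdefault(prefix, {})[origin] = local_pref

    def withdraw(self, prefix, origin):
        cands = self.paths.get(prefix, {})
        cands.pop(origin, None)
        if not cands:
            self.paths.pop(prefix, None)  # last path gone: prefix becomes unreachable

    def best(self, prefix):
        cands = self.paths.get(prefix)
        if not cands:
            return None
        return max(cands, key=cands.get)  # highest local preference wins


class RouteInjector:
    """Mirrors DHCP leases and daemon availability into the BGP table."""
    def __init__(self, table):
        self.table = table
        self.leases = {}  # leased ip -> access router whose route attracts its traffic

    def lease_granted(self, ip, access_router):
        self.leases[ip] = access_router
        self.table.announce(ip + "/32", "dhcp-" + access_router, 100)

    def lease_ended(self, ip):
        router = self.leases.pop(ip, None)  # expiry or release withdraws the host route
        if router:
            self.table.withdraw(ip + "/32", "dhcp-" + router)

    def daemon_up(self, helper_ip, daemon, priority):
        # each daemon announces the shared helper address with its own priority
        self.table.announce(helper_ip + "/32", daemon, priority)

    def daemon_down(self, helper_ip, daemon):
        # the failed daemon's route is withdrawn; the next-best daemon takes over
        self.table.withdraw(helper_ip + "/32", daemon)

    def reachable(self, ip):
        """An address without a lease has no route, so spoofed traffic cannot flow."""
        return self.table.best(ip + "/32") is not None
```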

A further unique feature for a broadband network and the system of the present 
invention provides intelligent real time traffic analyzing, whereby the network can detect 
unauthorized servers run by a customer over WWW, DNS (Domain Name System) etc. It can 
thus also provide software detection of which software undertakes IP address translations. Such 
software could belong to IP masquerading, network PAT firewalls or proxy servers. 

Means used in the present invention can be provided by software or a combination of 
software and hardware known to persons skilled in the art. 

Although the present invention has been described through specific preferred 
embodiments, the scope of the invention is not limited merely to those. For a person skilled in 
the art, it is what is claimed through the attached sets of claims that defines the scope of the 
present invention. 